I'm developing an android app where I would like to fetch some data (mostly text) from the internet but not necesseraly from a website! I would like to have a server that allows clients to fetch some text data. What kind of server fits my goals the best? Http or maybe simply tcp? I don't know much about http so I don't know if it matches my goals and/or if it handles well a kind of text "database".
Edit:
A use case could be: people could write comments and send them to the server. Then clients could refresh their app by fetching new comments from the server. Therefore I'M asking what kind of server could best handle services and kind offre database if needed.
I like using NodeJS in combination with ExpressJS for such purposes. This combination allows you to easily work with HTTP/HTTTPS which is allowed by practically every firewall or proxy server. As of the latter reason I recommend you to use HTTP instead of an own protocol. Furhtermore, Java offers the HTTPURLConnection client which is very easy to use. Moreover, securing traffic with TLS (SSL) is very simple. In addition, NodeJS is resource efficient, runs on Windows, Linux and even on OS X.
For getting the text you can use HTTP GET request handled by the get() method of the Express instance.
This compact tutorial helped me to get familiar with Express on NodeJS.
Without knowing what your use-case is it's difficult to make a good recommendation.
With that said you may find something like https://parse.com/ suitable.
They provide an Android sdk and the 'getting started' tutorials will have you up and running in no time at all.
Related
I have read countless posts regarding the use of JDBC with Android. Everybody suggests to take the path of using PHP scripts and using HTTP clients within the Android code.
It would be great to just get a clear indication as to why the JDBC is not advised.
JDBC access directly from a web client, be it browser or web phone, implies that the database port is exposed on the public internet. That's not a safe place for any data to be.
I think a better approach is to put one or more servlets between clients and the database. Let the servlet(s) handle security, validation, binding, deciding which services to invoke to fulfill the use case, marshaling the response, and routing to the next page depending on the outcome.
This design lets you put the intermediate layer on the internet and keep your data safe behind a firewall.
It's called Model-2 MVC. It's been the standard idiom for Java web development for more than ten years.
You'll get a lot more use out of your code if you have a clean separation of the presentation of data from how it's produced. UIs come and go, but services and data linger. Think in terms of services first and you'll do better.
The current solution that I have to adopt uses JDBC and stores the user/password of the database inside the android app. That's as far as I'm concerned not a good solution. I would like to implement a mapping layer on the webserver in the middle.
Is there any best practice or recommended strategy for this? Should I use SOAP or JSON or something completely different (because they're well implemented and/or easy to use in Java)?
Are there any mapping tools for postgresql <-> SOAP/JSON/whatever in PHP or will I need to write these scripts by myself?
Any pointers will be greatly appreciated.
Quick version:
Use a web service midlayer running on a public host you control (possibly but not necessarily the database host). Expose public web service methods to do the limited work you want to permit and nothing else.
Related questions:
Driver JDBC PostgreSQL with Android
How to connect to a PostgreSQL server via JDBC in Android?
Implementation options
Personally I'd use a Java application server like Apache Tomcat or JBoss AS 7 and I'd write my web service methods using JAX-RS to produce a nice REST-style API for my app to use. That's what I'm familiar with and it works well, but you have lots of options including implementations of:
REST-like APIs (Java's JAX-RS impls Jersey and RESTEasy, various other langs tools) that use HTTP requests and produce JSON or XML replies.
SOAP with WSDL, the classic "web service" layer. In Java done with JAX-WS among other options. Most languages have tools for SOAP+WSDL but it's kind of crappy to work with especially on intermittently connected devices like mobiles.
XML-RPC if you like pain
There are some JAX-RS quickstarts on the JBoss AS 7 quickstarts list; just search for "JAX-RS". The "kitchen sink" quickstart is useful, though perhaps not ideal if you're not familiar with the basics of JBoss AS 7 and Jave EE 6. Fort the JAX-RS specifics you're better off with a Jersey or RESTEasy tutorial like this or this.
Important considerations
Use HTTPs if possible, and if access isn't to be public use a suitable HTTP authentication scheme like HTTP Basic auth over HTTPs. Any decent web services implementation will offer authentication options or support those of the platform on which it runs. Avoid the temptation to implement your own authentication and user management at the web services layer, you will screw it up; use the auth at the HTTP layer that's already written and tested. This may require the use of something like Apache's mod_auth_pgsql, JBoss AS 7's JDBC security realms, etc. The only case I'd consider not doing proper per-user HTTP auth is where I don't need to separate my users for security reasons, I only care that it's my app accessing the server, ie if my security requirements are quite weak. In this case I'd use a fixed username/password for the whole app and possibly an X.509 client certificate if Android supports them.
Remember that no matter how you secure things, all credentials are either known to the user or can be extracted trivially from a .apk so you still have to assume anybody could access your web service methods, not just your app. Write them accordingly.
Do not just send SQL from your app over a web service call to the server and return the results as JSON. This is horrifyingly insecure, as well as ugly and clunky. Write a web service method for each individual task you want the app to be able to perform and keep the SQL in the server. Remember to use parameterised queries and be careful of other SQL injection risks. These web service methods may use one or more queries to produce a single reply - for example, you might collect a "Customer" record and all associated "Address" and "Contact" records then return the result in a nice JSON object the Android device can consume, saving numerous slow and unreliable network round trips.
No matter what you use, make sure to do your web service calls in a background worker thread and not to block the user interface. Be prepared for timeouts and errors, and for the need for retries. Test your app by simulating intermittent connection loss, high latency, and high rates of packet loss and make sure it remains usable.
Is there a best practise:
It depends on the person. All have their strength and weakness.
I prefer, and I think many but not all will agree on JSON cause it is really easy to use in Android. It's also lightweight and very easy to use in php. Php has methods to convert an array/object to json and back.
It is indeed not recommended to save your postgres data on an android device.
My strategy is usually:
PHP server side with a POSTGRESQL database, using PDO to communicate between my models and the database.
If you are not familiar with PDO(php data objects), I recommend you make yourself familiar with it.
php.net PDO
Android as client, using JSON as method of transfering data from and to.
There are many examples that can help you.
Android has standard libraries to handle json parsing.
See this answer for an example:
example
I am developing an Android client to connect to a database (in my case MySQL server). The nice approach is using a Web Serive between them.
I found some nice reason for it here :
Best way to access a remote database: via webservice or direct DB-access?
Elad wrote nice reasons such as complexity and security around this approach. Can you give me some new advice around these approaches and let me know about the source of your ideas, since Elad did not provide any source.
The simplest reason is that a JDBC connection needs to be stable. And mobile connections are not stable enough. Thus using an intermediate web service is a good option. Providing a rest service around some database will provide you with a secure, stable, standard way to access your data.
Friends
Any one can tell me ,, what Strategics or steps to connect my android app to SQL server ??
i want to developer android app , this app connected to Sql server direct , and whats best choices to do that ???
thanks for help
You could use a webservice to provide service orientated architecture (SOA).
For example you may have a database with a PHP/Java/.Net application connected to it. When a mobile device makes a web request to this application, it returns data to the device.
The data returned could be in a choice of formats such as json or xml. Personally I prefer json if mobile devices are involved as the footprint from json is smaller than xml due to its characteristics. However that said, should you need meta data in the response then xml maybe more useful.
There are many tutorials on this and libraries to help deserialise responses (GSON from google is good when Json is involved), therefore I am not going to reinvent the wheel when others before me have explained this before and probably better.
Finally; the use of a webservice allows for multiple platforms to communicate with your database (and other services you offer) and allows for any 'heavylifting' to be done on a server rather than a mobile device.
From your comments to Graham Smith's answer, I understand you prefer to connect to SQL Server directly, without an explicit webservice or other communication layer in between.
You have to understand: android devices are usually mobile, so an indirect connection that doesn't require the android device to be in the same network as the SQL Server (including the security horrors that brings along in an enterprise environment) is usually preferred.
Back to the actual question: you can us JDBC to access SQL Server from Android. Either use Microsoft's own JDBC Driver for SQL Server, or use the Open Source jTDS . The latter seemingly solves some connection problems some peole seem to be having with the Microsoft driver.
I am looking for reading resources or sample applications that can help me hammer out the following application workflow:
The client application establishes a connection to our server
The client application scans for updates on a regular interval
If an administrator has posted a new message, the new message is displayed in a widget.
I currently have 2 concerns:
I want to ensure that the monitoring service is not a major battery drain.
What is the most secure and simple method to establish the connection to retrieve data?
....There are a lot of suggestions out there... I need to know what method I should be researching over all others. Currently, all options are on the table because I have yet configure our server.
There are a lot of questions here, I'll try to give a succinct answer.
For the infrastructure I would go with HTTP REST calls to retrieve JSON data reprsenting your messages. Here is a decent link about writing an HTTP REST client for android, there are many others online.
For security, I would definitely start with SSL, but if you need to authenticate the requests I would also look at OAuth to secure you remote API.
As far as A, Have you considered using C2DM (aka "push") to trigger the updates? Then there's no client bandwidth beyond what is being used anyways for the Market/GMail/Talk connection. If you need to support Android versions below 2.2 it's not really an option at the moment, though.
Otherwise there's a few good examples of being a good citizen when polling from a widget; Jeff Sharkey's android-sky is probably the oldest, best, and most authoritative.
For B, unless I'm misunderstanding your need it's pretty hard to beat HTTPS; rolling your own "secure" transport over vanilla HTTP or anything lower-level is just asking for a disaster.